F-Secure Detects Rare Malware Carrying Fake Digital Certificates

According to F-Secure, its researchers have detected a rare piece of malware that carries a valid code-signing certificate belonging to a government institution in Malaysia, Pcworld.com reported on November 14, 2011.

Mikko Hypponen, Chief Research Officer at F-Secure, explained that code-signing certificates, which are in effect digital signatures, are meant to assure a user that an application is authentic and safe to run on a PC. Malware frequently carries counterfeit digital certificates that dupe Internet users, he said, but a genuine certificate attached to malicious software is uncommon, Pcworld.com reported.

The certificate in question was evidently signed by "Aanjungnet.mardi.gov.my," which belongs to the Agricultural Research and Development Institute of Malaysia, Hypponen stated. F-Secure contacted the institute, which subsequently found that attackers had compromised an Internet-connected Windows server from which the certificate was obtained.

Hypponen added that the institute could not say how long the Windows server had been compromised.

He also disclosed that the Trojan behind the attack, which F-Secure identifies as Agent.DTIW, spread through malicious PDF files that exploited a vulnerability in Adobe Reader 8, Zdnetasia.com reported on November 15, 2011.

The Trojan then downloaded further malware from the worldnewsmagazines.org server, some of which also carried fake digital signatures, but for those the signing entity was www.esupplychain.com.tw, the specialist added.

Worryingly, problems with digital certificates linked to Malaysia are not new. In November 2011, Mozilla stated that DigiCert Sdn. Bhd., a certificate authority from Malaysia, had signed a total of 22 certificates with weak keys. Although there was no indication that the certificates had been fraudulently signed, the weak keys left them open to compromise, the software company said.

F-Secure's discovery is the latest reminder of the hazards of securing the public key infrastructures (PKIs) used to digitally vouch that a piece of software or a website is authentic and trustworthy. Given that more than 600 entities can sign such certificates, an attacker needs to compromise only one of them to obtain its private signing key and issue bogus credentials in the name of organizations such as the Internal Revenue Service, eBay, Google or any other, Hypponen concluded.
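The two points Hypponen makes above, that a binary signed with a genuine certificate passes every check a code-signing certificate exists to enforce no matter who held the key, and that the only remedy once the key has left its owner's hands is to revoke or deny-list that certificate, can be shown with a small self-contained Go program. This is an added example, not F-Secure's code or anything from the report: the root CA, the issuing institute's name (example-institute.invalid), the serial number 4242, the payload bytes and the denylist are all constructed, and the denylist stands in for a real CRL/OCSP lookup or the operating system's untrusted-certificate store.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// SignedBlob is a constructed stand-in for a signed executable: file bytes,
// an ECDSA signature over their SHA-256 digest, and the signer's certificate.
type SignedBlob struct {
	Payload, Sig, LeafDER []byte
}

// Verdict records the three independent checks a code-signing verifier makes.
type Verdict struct {
	SignatureValid bool // signature matches the leaf certificate's public key
	ChainTrusted   bool // leaf chains to a trusted root and permits code signing
	Revoked        bool // leaf serial is on the denylist
}

// Trusted is the policy decision: a valid signature from a trusted chain is
// still rejected once the certificate is known to be compromised and revoked.
func (v Verdict) Trusted() bool { return v.SignatureValid && v.ChainTrusted && !v.Revoked }

func check(err error) {
	if err != nil {
		panic(err)
	}
}

func mustCert(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	check(err)
	c, err := x509.ParseCertificate(der)
	check(err)
	return c
}

// BuildPKI creates a constructed toy PKI: one root CA and one code-signing leaf (serial 4242).
func BuildPKI() (root, leaf *x509.Certificate, leafKey *ecdsa.PrivateKey) {
	rootKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	leafKey, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	now := time.Now()
	rootTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Root CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	root = mustCert(rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey)
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(4242),
		Subject:      pkix.Name{CommonName: "example-institute.invalid (constructed code-signing cert)"},
		NotBefore:    now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	}
	leaf = mustCert(leafTmpl, root, &leafKey.PublicKey, rootKey)
	return root, leaf, leafKey
}

// Sign signs the payload digest with the leaf key. The operation is identical whether the
// key is used by its owner or copied off a compromised server, which is why theft matters.
func Sign(payload []byte, leaf *x509.Certificate, key *ecdsa.PrivateKey) SignedBlob {
	digest := sha256.Sum256(payload)
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest[:])
	check(err)
	return SignedBlob{Payload: payload, Sig: sig, LeafDER: leaf.Raw}
}

// Verify checks signature, chain (trusted root, code-signing EKU) and revocation.
// revoked maps serial numbers to true and stands in for a CRL/OCSP or OS untrusted-cert lookup.
func Verify(b SignedBlob, root *x509.Certificate, revoked map[string]bool) (Verdict, error) {
	var v Verdict
	leaf, err := x509.ParseCertificate(b.LeafDER)
	if err != nil {
		return v, err
	}
	pub, ok := leaf.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return v, errors.New("leaf certificate does not carry an ECDSA key")
	}
	digest := sha256.Sum256(b.Payload)
	v.SignatureValid = ecdsa.VerifyASN1(pub, digest[:], b.Sig)
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, chainErr := leaf.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}})
	v.ChainTrusted = chainErr == nil
	v.Revoked = revoked[leaf.SerialNumber.String()]
	return v, nil
}
```

Calling `Verify` on a blob signed with the leaf key and an empty denylist yields a verdict with all checks passing, which is the situation the institute was in: nothing in the signature or the chain reveals that the key was used from a compromised server. Adding serial 4242 to the denylist flips `Revoked` and the same blob is rejected, while modifying a single payload byte fails the signature check outright. The design point is that the verifier keeps the three checks separate, so a signature that is cryptographically valid and properly chained is still not sufficient on its own; revocation status has to be consulted as well.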